MariaDB 10.2.8 and MariaDB Galera Cluster 10.0.32 now available

The MariaDB project is pleased to announce the availability of MariaDB 10.2.8 and MariaDB Galera Cluster 10.0.32. See the release notes and changelogs for details.

Download MariaDB 10.2.8

Release Notes | Changelog | What is MariaDB 10.2?

MariaDB APT and YUM Repository Configuration Generator


Download MariaDB Galera Cluster 10.0.32

Release Notes | Changelog | What is MariaDB Galera Cluster?

MariaDB APT and YUM Repository Configuration Generator


Thanks, and enjoy MariaDB! …

MariaDB 10.1.26 now available

The MariaDB project is pleased to announce the immediate availability of MariaDB 10.1.26. See the release notes and changelogs for details.

Download MariaDB 10.1.26

Release Notes | Changelog | What is MariaDB 10.1?

MariaDB APT and YUM Repository Configuration Generator


Thanks, and enjoy MariaDB! …

MariaDB 5.5.57 now available

The MariaDB project is pleased to announce the immediate availability of MariaDB 5.5.57. This is a stable (GA) release. See the release notes and changelog for details.

Download MariaDB 5.5.57

Release Notes | Changelog | What is MariaDB 5.5?

MariaDB APT and YUM Repository Configuration Generator

Thanks, and enjoy MariaDB! …

Extended maintenance period for MariaDB 5.5

As the maintenance policy of the MariaDB Foundation states, we are committed to maintaining each release for 5 years. As MariaDB 5.5 was announced for General Availability in 2012, the five-year mark will soon be passed. However, since MariaDB 5.5 is currently in production use in many major Linux distributions, the Foundation has decided to extend the maintenance period for MariaDB 5.5 to the year 2020.

All Linux distributions currently including MariaDB 5.5 will thus continue to have security updates available until at least 2020.

The MariaDB Foundation’s mission is to serve the greater public and we’ve decided that supporting MariaDB 5.5 for an extended period is a good use of the MariaDB Foundation’s staff time. …

Who are you? The history of MySQL and MariaDB authentication protocols from 1997 to 2017

MySQL 3.20 to 4.0

In the good old days, when 32MB of RAM justified the name my-huge.cnf, when nobody knew Google and Facebook didn’t even exist, security was… how do I put it… kind of cute. Computer viruses didn’t steal millions and didn’t disrupt elections — they played Yankee Doodle or told you not to play with the PC. People used telnet and ftp, although some security conscious admins already knew ssh.

Somewhere around this time, give or take a few years, MySQL was born. And it had users, who had to be kept away from seeing others’ data, but allowed to use their own. …

MariaDB Server versions and the Remote Root Code Execution Vulnerability CVE-2016-6662

In recent days there have been quite a lot of questions and discussion around a vulnerability referred to as MySQL Remote Root Code Execution / Privilege Escalation 0day, with CVE code CVE-2016-6662. It’s a serious vulnerability and we encourage every MariaDB Server user to read the update below on the vulnerability from a MariaDB point of view.

The vulnerability can be exploited by both local and remote users. Either an authenticated connection to, or SQL injection in, an affected version of MariaDB Server can be used to exploit the vulnerability. If successful, a library file could be loaded and executed with root privileges. …

The State of SSL in MariaDB

Usually when one says “SSL” or “TLS” it means not a specific protocol but a family of protocols. The Wikipedia article has the details, but in short: SSL 2.0 and SSL 3.0 are deprecated and should not be used anymore (the well-known POODLE vulnerability exploits a flaw in SSL 3.0). TLS 1.0 is sixteen years old and while it’s still being used, new security standards (for example PCI DSS v3.1) require TLS 1.1 or, preferably, TLS 1.2.

MySQL has supported TLS 1.0 since 2001, which means MariaDB supported it from day one and never supported the weaker SSL 2.0 or SSL 3.0. …

Information on the SSL connection vulnerability of MySQL and MariaDB

Last week, an SSL connection security vulnerability was reported for MySQL and MariaDB. The report states that, since MariaDB and MySQL do not enforce SSL when SSL support is enabled, it’s possible to launch man-in-the-middle (MITM) attacks. MITM attacks can capture the secure connection and turn it into an insecure one, revealing data going back and forth to the server.

Issue resolution in MariaDB is visible through the corresponding ticket in MariaDB’s tracking system (JIRA): https://mariadb.atlassian.net/browse/MDEV-7937

The vulnerability affects the client library of the database server in both MariaDB and MySQL. However, the vulnerability does not affect all the libraries, drivers or connectors for establishing SSL connections with the server. …